From 6d0624411a979e2e1d76af4dd97d03f47679ea4a Mon Sep 17 00:00:00 2001
From: Michael Elkins <me@sigpipe.org>
Date: Fri, 6 Aug 2010 13:11:30 -0700
Subject: [PATCH] use a 64-bit random value in temporary filenames.

closes #3158
---
 init.c    | 16 ++++++++++++++++
 muttlib.c |  9 +++++++--
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/init.c b/init.c
index 95ddfb59..23512bb0 100644
--- a/init.c
+++ b/init.c
@@ -50,6 +50,7 @@
 #include <sys/utsname.h>
 #include <errno.h>
 #include <sys/wait.h>
+#include <sys/time.h>
 
 #define CHECK_PAGER \
   if ((CurrentMenu == MENU_PAGER) && (idx >= 0) &&	\
@@ -2858,6 +2859,20 @@ static int mutt_execute_commands (LIST *p)
   return 0;
 }
 
+static void mutt_srandom (void)
+{
+  struct timeval tv;
+  unsigned seed;
+
+  gettimeofday(&tv, NULL);
+  /* POSIX.1-2008 states that seed is 'unsigned' without specifying its width.
+   * Use as many of the lower order bits from the current time of day as the seed.
+   * If the upper bound is truncated, that is fine.
+   */
+  seed = (tv.tv_sec << 20) | tv.tv_usec;
+  srandom(seed);
+}
+
 void mutt_init (int skip_sys_rc, LIST *commands)
 {
   struct passwd *pw;
@@ -2874,6 +2889,7 @@ void mutt_init (int skip_sys_rc, LIST *commands)
   ReverseAlias = hash_create (1031, 1);
   
   mutt_menu_init ();
+  mutt_srandom ();
 
   /* 
    * XXX - use something even more difficult to predict?
diff --git a/muttlib.c b/muttlib.c
index 2bde6be8..bc3275dc 100644
--- a/muttlib.c
+++ b/muttlib.c
@@ -781,9 +781,14 @@ void mutt_merge_envelopes(ENVELOPE* base, ENVELOPE** extra)
 
 void _mutt_mktemp (char *s, size_t slen, const char *src, int line)
 {
-  snprintf (s, slen, "%s/mutt-%s-%d-%d-%d", NONULL (Tempdir), NONULL(Hostname), (int) getuid(), (int) getpid (), Counter++);
+  size_t n = snprintf (s, slen, "%s/mutt-%s-%d-%d-%ld%ld", NONULL(Tempdir), NONULL(Hostname),
+      (int) getuid(), (int) getpid(), random(), random());
+  if (n >= slen)
+    dprint(1, (debugfile, "%s:%d: ERROR: insufficient buffer space to hold temporary filename! slen=%zu but need %zu\n",
+	  src, line, slen, n));
   dprint (3, (debugfile, "%s:%d: mutt_mktemp returns \"%s\".\n", src, line, s));
-  unlink (s);
+  if (unlink (s))
+    dprint(1, (debugfile, "%s:%d: ERROR: unable to unlink temporary file\n", src, line));
 }
 
 void mutt_free_alias (ALIAS **p)
-- 
2.40.0